Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
And the NSA is grabbing it as we speak ... (Score:3)
I guess some enterprising lawyer will also use it to troll for clients whose spouses have spied on them.
Re: (Score:3, Informative)
You joking? The NSA already had this data.
Re:And the NSA is grabbing it as we speak ... (Score:5, Funny)
Probably true (Score:2, Insightful)
Finding an old article on mSpy:
"The mSpy technology aggregates the surveillance activity in a cloud-based, password-protected control panel, from which the user can send remote commands, including blocking access to certain programs, websites and apps, and can also restrict incoming calls or shut down and lock the phone. Now that the mSpy monitoring software can be pre-installed on HTC One, Nexus 5, Samsung Galaxy S4 and iPhone 5s smartphones, the user no longer has to worry about smartphone compatibility wi
Re:Probably true (Score:5, Informative)
A clarification, you can't install mspy unless you jailbreak your iPhone. I wouldn't be surprised if the Chinese jail breaking packages come with mspy pre-configured... Also, no jailbreak exists for iOS 8.3, the current version.
Re: (Score:2)
>> prominent jailbreakers have already stated such things don't exist
So they don't exist. Fact.
Re: (Score:2)
The only problem with your claim is that other prominent jailbreakers have already stated such things don't exist.
Even if you're inclined to take people you don't know at their word, and I'm not, are you checksumming or otherwise verifying those downloads to make sure that they're intact? And even if you are, is anyone else?
Re: (Score:2)
The most recent jailbreak for 8.2 wasn't released by the old jail dal teams like redsnow or whoever. It was released by a new Chinese group nobody has heard of. Hmm, I wonder who they work for? Still FUD?
Re: (Score:2)
A clarification, you can't install mspy unless you jailbreak your iPhone.
yes you can.
http://www.mspy.com/faq.html [mspy.com]
it works by accessing the iCloud backup and extracting data from that.
Re: (Score:2)
first, a better link is here:
http://www.mspy.com/compatibil... [mspy.com]
in order to access the icloud backup and "extract data", it needs to know the user's account password. It basically downloads the icloud backup onto another phone. L33T HAx0Rs!
As a non-jailbreak iPhone user, I am always on the lookout for potential ways my phone can be hacked. When I find one, I'll let you know.
Re: Probably true (Score:2)
A clarification, you can't install mspy unless you jailbreak your iPhone. I wouldn't be surprised if the Chinese jail breaking packages come with mspy pre-configured... Also, no jailbreak exists for iOS 8.3, the current version.
Incorrect [mspy.com]
Re: (Score:2)
I like this one better.
1) allegedly hack into mSpy to steal data.
* didn't need to do this part, because you already work for the NSA and have all the data, but it was fun anyway
2) post stolen data to the darkweb (nobody there will ask if you simply downloaded it off your work intranet, they'll assume you just hacked mSpy)
3) profit (and laugh while mSpy implodes under a dogpile of negative publicity, all cleanly deflected from your employer)
Re: (Score:3)
Re: (Score:3)
(x) make up most of the story.
The math on what was taken doesn't add up. "Several hundred gigabytes" ~= 200GB. Users ~= 2M. Dividing and we find 100,000 bytes per person. What photo do you know that a modern cell phone camera can take that only uses 100,000 bytes? What other data is there? x & y coordinates of finger swipes?
Yes, they could be transmitting things like web sites visited, but is that really a big deal?
Or, this was a microscopic "break in" of a handful of accounts.
Re: (Score:3, Insightful)
It's cute how you assume most people can learn from their mistakes by tracing decision to result to cause to unintended effect.
Everything has a bright side (Score:5, Funny)
All your stuff is backed up... somewhere
Re: (Score:1)
...all your datum are belong to us...
Re:Everything has a bright side (Score:4, Funny)
I liked how when there was that kerfuffle over Hillary's missing emails, a congressman wrote the NSA a letter directing them to retrieve the data.
Re:Everything has a bright side (Score:4, Funny)
Linus used to say "Don't make backups, just stick your stuff on an FTP server and let the world copy it"... I don't think he meant that it was supposed to happen without your consent or knowledge however.
Don't make illegal items, except for us... (Score:1)
The problem is this statement:
Akbar was charged with selling and advertising wiretapping equipment.
“Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners,” U.S. Attorney Dana Boente said in a press release tied to Akbar’s indictment.
So it is illegal to sell wiretapping equipment.
Why are there so many companies selling and advertising such equipment to government agencies without being charged?
Re: (Score:2)
They made the government official sign an NDA.
And gave them some money back. That they can't disclose to their voters. Because of the NDA.
Re:Don't make illegal items, except for us... (Score:5, Insightful)
It's a real simple marketing trick actually. Don't call it "spyware" or "wiretapping", call it "security" and "monitoring" and make sure to mention "for the children" and you're all good.
Re: (Score:2)
Pretty much.
Re:Don't make illegal items, except for us... (Score:5, Funny)
Akbar - It's a trap!
LOL (Score:2)
I needed a good laugh.
Encryption anyone? (Score:2)
I'm pretty sure this is why you encrypt your database. But you know, whatever, cost money, might hurt the bottom line.
Re: (Score:3)
If that's how it happened, or if analysis of a compromise
Re: (Score:2)
If a system like this was properly designed, the data would be encrypted against a key held by the customer, and the company would never have access to decrypted data. As it is, it appears that every person using the service was in effect providing the company with all the data from the phone in question. What the company did with it after this point is irrelevant, as the information is already compromised.
Based on the activities of the original owners, I wouldn't be surprised if someone got fired from th
Story useless without... (Score:1)
Link?
It's a real shame... (Score:5, Insightful)
...that the data stolen belonged to people whose privacy was already being grossly invaded, rather than to the fuckwits who thought it was a good idea to spy on their family members.
Re: (Score:2)
I am sure 'MSpy' wrote in all sorts of stuff in the EULA to ensure that all your data belong to them. Perhaps they felt there was more money in selling the data than in looking after it. Unencrypted means only one thing, they did not care about keeping it secure internally, i.e. they were already trawling through it all for the juicy bits. They do have a Seychelles office http://www.taxjustice.net/2014... [taxjustice.net] which puts them immediately under extreme suspicion.
Re:It's a real shame... (Score:5, Insightful)
The people whose data was spied upon never agreed to any EULA.
Re: (Score:2)
You eventually have to move. You don't HAVE to have an iPhone. Many of us survived decades without one.
Re: (Score:2)
I wouldn't be so sure about that. Chances are that their Apple IDs and email addresses are exposed, as well as maybe some embarrassing photos if they are the partner of their victim. An Apple ID is all it took to crack all those celebrity iCloud accounts because their passwords and recovery info were usually easy to guess. In this case the names and probably birthdays of their families are known, their anniversary date etc.
Any CEOs or politicians involved should be worried.
This is actually great (Score:3)
Can you imagine the number of lawsuits this is going to bring against the people who installed it?
How does iPhone spyware even work? (Score:2)
Re:How does iPhone spyware even work? (Score:5, Informative)
MSpy Tor Onion Address? (Score:2, Insightful)
Well, ok, so what is the onion address?
We can't really evaluate this stuff without the source.
Re: (Score:3, Informative)
Not that it helps because the hoster has said they have disabled the downloads for 1-2 days but it's
http://mspycomkftki3h54.onion/
Re: (Score:2)
Mobile Spy Software Maker MSpy Hacked (Score:1)
Not much data (Score:1)
"Several hundred GB" divided by "~2m people" equals "a couple hundred KB per person."
These days, that's a tiny amount of data to be "complete contents"